# 5 Cross-Cutting Requirements

## 5.1 Personal Data Privacy (REQUIRED)

Personal data must be kept private and never shared with any parties, except where specific authorization has been granted. The Consent Building Block shall follow the privacy principles as laid out in the GovStack architecture and security recommendations.

## 5.2 All transactions must be Audit Logged (RECOMMENDED)

Logs should be kept in a database of all created, updated, or deleted records. Logs must include timestamps and identify the user and affiliation that performed the transaction.

All audit logs shall be integrity-protected against tampering. The Consent Building Block shall follow the data policy and audit logging requirements as required by local policies.

## 5.3 Rollback capability (RECOMMENDED)

The Building Block must perform various activities starting from initiation of purchase request/expression of interest to completion of order with feedback etc. In case of any non-compliance (due to both technical and functional reasons), it should be able to roll back to the initial state to safeguard the integrity of the application.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://specs.govstack.global/emarketplace/5-cross-cutting-requirements.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.